If your switches have management capabilities (like 3Com SuperStack), you can set one port on the switch as a "monitor"- the traffic you want to watch, and another port as an "analyzer"- the port you plug your sniffer into. This allows all packets traversing the monitored port to be forwarded to the analyzer port. The downside to this is you can only watch traffic from one port at a time; this is okay if the port is an uplink or backbone, but a pain for single machines.
A low tech option is to place a hub (or several hubs) strategically on your lan at each backbone or uplink section, and plug your sniffer into that. Kent Freeman -----Original Message----- From: Matt Hemingway [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 08, 2001 2:25 PM To: Milk; Jacques Chicourel Nunes Vaz - BA; '[EMAIL PROTECTED]' Subject: Re: Packet Sniffing in a Switched LAN If it's a switched network, which the subject of this e-mail states, than Ethereal won't work. The best tool for a switched network is ettercap (ettercap.sourceforge.net). Personally I use Arpwatch (no url available) to find all hosts on the network and than use Ettercap to sniff the victim. If this is a hubbed network than Ethereal works like a charm. -matt On Monday 05 November 2001 13:14, Milk wrote: > Try using Ethereal.... > > --- Jacques Chicourel Nunes Vaz - BA > > <[EMAIL PROTECTED]> wrote: > > Hi folks, > > > > I have a Lan with 200 desktops and I�d like to sniff > > it. What tool can I use > > to see all the packets ( going and coming ) ? > > Any suggestions ? > > > > Regards, > > > > Jacques > > ===== > Nothing is too small to know, and nothing too big to attempt. > -William Van Home > > __________________________________________________ > Do You Yahoo!? > Find a job, post your resume. > http://careers.yahoo.com
